Spring REST API and Spring Basic Security

Hello, I am new to Spring and Spring Security. Currently I am working on a REST API in Spring. As Spring provides REST APIs, and REST APIs are stateless, we cannot create a session for a REST API; because it is stateless, doing so would be against REST design. So my question is: can we never maintain the state of the user on the server side in REST? Can we maintain it on the client side? How? In Spring basic security we log in and get the current user using the principal. Is it the same case in Spring REST authentication? So in the case of a REST API, all that is needed is the currently logged-in user? If the Spring REST API is stateless, then how does Spring Security maintain the currently logged-in user? I read some blogs about Spring in which token-based authentication is used: we send the username and password, then we get a token, and every time we make a request we send that token so the server knows which user sent the current request. The token is stored in a cookie, so the cookie is stored on the client side. In that case, if the browser disables cookies, how can we authenticate the user and know the current user who is logged in?


REST has nothing to do with security as is; it's all about data manipulation, not about security.

So, usually, you supply some sort of identification information along with your REST request. It can be a set of credentials, a token, an encrypted token and whatnot. For example, one of the token formats is JWT. But in theory, you can work with different formats as well.

Spring Security supports many different flows. Sometimes you'll have to extend it here and there and plug in some capabilities. But all in all, Spring Security is very extensible and allows many different levels of flexibility; it's designed to support many different flows.

I know it's a kind of theoretical answer, but the question is also pretty theoretical :)
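
The per-request identification the answer describes, as an added example that is not part of the original answer: a simplified HMAC-signed token (not a full JWT) carried in the `Authorization` header, so it works without cookies or a server-side session. The class name, the demo key and the `user|expiry` payload layout are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.Optional;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class StatelessTokenDemo {
    // Constructed demo key; a real service loads a random secret from configuration.
    private static final byte[] KEY =
            "demo-only-secret-change-me-0123456789".getBytes(StandardCharsets.UTF_8);
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();

    static byte[] hmac(byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data);
    }

    // Issued once, after the username/password check at login.
    static String issue(String user, long ttlSeconds) throws Exception {
        long expiry = Instant.now().getEpochSecond() + ttlSeconds;
        byte[] payload = (user + "|" + expiry).getBytes(StandardCharsets.UTF_8);
        return ENC.encodeToString(payload) + "." + ENC.encodeToString(hmac(payload));
    }

    // Run on every request: the header alone identifies the user, no session lookup.
    static Optional<String> authenticate(String authorizationHeader) {
        try {
            if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer "))
                return Optional.empty();
            String[] parts = authorizationHeader.substring(7).split("\\.");
            if (parts.length != 2) return Optional.empty();
            byte[] payload = DEC.decode(parts[0]);
            // Constant-time signature check before trusting any field of the payload.
            if (!MessageDigest.isEqual(hmac(payload), DEC.decode(parts[1])))
                return Optional.empty();
            String[] fields = new String(payload, StandardCharsets.UTF_8).split("\\|");
            if (fields.length != 2 || Long.parseLong(fields[1]) < Instant.now().getEpochSecond())
                return Optional.empty(); // malformed payload or expired token
            return Optional.of(fields[0]);
        } catch (Exception e) {
            return Optional.empty(); // bad Base64, non-numeric expiry, etc.
        }
    }

    public static void main(String[] args) throws Exception {
        String header = "Bearer " + issue("alice", 300);
        System.out.println(authenticate(header));                       // valid token
        System.out.println(authenticate(header + "x"));                 // tampered signature
        System.out.println(authenticate("Bearer " + issue("bob", -1))); // already expired
    }
}
```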
